CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27833
https://notcve.org/view.php?id=CVE-2020-27833
14 May 2021 — A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executab... • https://access.redhat.com/security/cve/CVE-2020-27833 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10712 – openshift/cluster-image-registry-operator: secrets disclosed in logs
https://notcve.org/view.php?id=CVE-2020-10712
22 Apr 2020 — A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registr... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2019-11253 – Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
https://notcve.org/view.php?id=CVE-2019-11253
16 Oct 2019 — Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive poli... • https://access.redhat.com/errata/RHSA-2019:3239 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-11249 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11249
29 Aug 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions ... • https://access.redhat.com/errata/RHBA-2019:2794 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-11247 – Kubernetes kube-apiserver allows access to custom resources via wrong scope
https://notcve.org/view.php?id=CVE-2019-11247
15 Aug 2019 — The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9... • https://access.redhat.com/errata/RHBA-2019:2816 • CWE-20: Improper Input Validation CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 91%CPEs: 55EXPL: 0CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-3889 – atomic-openshift: reflected XSS in authentication flow
https://notcve.org/view.php?id=CVE-2019-3889
11 Jul 2019 — A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. Se presenta una vulnerabilidad de tipo XSS reflejada en el flujo de autorización de OpenShift Container Platform versiones: openshift-online- versión 3, openshift-enterprise- versiones 3.4 hasta 3.7 y open... • https://access.redhat.com/errata/RHSA-2019:3722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10165 – openshift: OAuth access tokens written in plaintext to API server audit logs
https://notcve.org/view.php?id=CVE-2019-10165
26 Jun 2019 — OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. OpenShift Container Platform anterior a versión 4.1.3, escribe tokens OAuth en texto plano en los registros de auditoría para el servidor de la API Kubernetes y el servidor de la API OpenShift. Un usuario con privilegios suficientes... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10150 – atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository
https://notcve.org/view.php?id=CVE-2019-10150
12 Jun 2019 — It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. Se encontró que OpenShift Container Platform versiones 3.6.x hasta 4.6.0, no realizan la comprobación de clave del host SSH cuando es usada la autenticación de la clave ssh durante las compilaciones. Un atacante, con la capacidad de redireccio... • https://access.redhat.com/errata/RHSA-2019:2989 • CWE-287: Improper Authentication •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3876 – web-console: XSS in OAuth server /oauth/token/request endpoint
https://notcve.org/view.php?id=CVE-2019-3876
01 Apr 2019 — A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens. Se ha detectado un fallo en el endpoint personalizado en /oauth/token/request del servidor OpenShift OAuth, permitiendo la generación de Cross-Site Scripting (XSS) de tokens CLI debido a la falta de... • http://www.securityfocus.com/bid/107664 • CWE-352: Cross-Site Request Forgery (CSRF) •